
Requirement Engineering for Survivable Systems


Presentation Transcript


  1. Requirement Engineering for Survivable Systems Presented By Chamali L. Thanthiriwatte

  2. References N. Mead, "Requirements Engineering for Survivable Systems," Technical Note CMU/SEI-2003-TN-013, Software Engineering Institute, 2003.

  3. Outline • Requirement Engineering • Requirement Management • Survivable Systems • System/Survivability Requirements • Survivability Services • Practices and Methods • Modeling of Survivability Requirements • Conclusion

  4. Requirement Engineering Science and discipline concerned with establishing and documenting software requirements. Described as a four-step process model consisting of the following processes: • Requirement Elicitation • Analysis and Negotiation • Documentation • Validation Final output: a set of agreed-upon requirements.

  5. Requirement Management • Goals of requirement management according to the Capability Maturity Model (CMM): Goal 1: System requirements allocated to software are controlled to establish a baseline for software engineering and management use. Goal 2: Software plans, products and activities are kept consistent with the system requirements allocated to software.

  6. Survivable System • Survivability refers to the capability of a system to complete its mission in a timely manner, even if significant portions are compromised by attack. Importance of survivability: every computer system is more or less vulnerable to attack. In particular, unbounded network environments cannot be protected using firewalls. Therefore it is vital to expand information system security to encompass system behavior that contributes to survivability in spite of intrusions.

  7. Characteristics of a survivable network system • Preserve essential services under intrusion and recover full services in a timely manner. • Ensure survivability in environments characterized by unbounded networks and dynamic architectures. Survivability is a framework that integrates the following disciplines: system reliability, safety, security, fault tolerance, dynamic system adaptation, trust maintenance, diversification, etc.

  8. System/Survivability Requirements • System requirements refer to functional and non-functional requirements. • Survivability requirements refer to the system's capability to deliver essential services in the presence of intrusion and to recover full services afterwards. • Survivability requires that system requirements be organized into essential services and non-essential services (for example, based on business criticality or user groups). • Essential services must be maintained even during successful attacks.

  9. Integration of System and Survivability Requirements [Figure: layered view with network-level emergent behavior requirements; node-level survivability requirements, i.e. the survivability services resistance, recognition and recovery; and node-level system requirements split into essential and non-essential functional services.] Essential functional services must be maintained in a survivable system even during an attack.

  10. How essential functional services work… • Survivable systems are capable of adapting their behavior, function and resource allocation in response to intrusions. • Functions and resources devoted to non-essential functional services can be reallocated to the delivery of essential services and to intrusion resistance, recognition and recovery. • Requirements for such systems must specify the adaptation and reconfiguration that take place in response to intrusions.

  11. Survivability Services (Resistance, Recognition and Recovery) • Resistance • Capability of a system to deter attacks. • Important during the penetration and exploration phases prior to the actual attack. • Firewalls, authentication and encryption are the known resistance strategies.

  12. Survivability Services Contd... • Recognition • Capability to recognize attacks or the probing that may precede them. • Recognition of an attack is crucial in order to react or adapt to an intrusion that cannot be completely repelled. • Currently used recognition strategies are logging and frequent auditing. • Two types of advanced intrusion detection systems: anomaly detection and pattern recognition.

  13. Survivability Services Contd... • Recovery • Ability to restore services after an intrusion has occurred. • Capability to resist or recognize future intrusion attempts. • Currently used recovery strategies are replication of critical information and services, use of fault-tolerant designs, and backup systems for hardware and software.

  14. Survivability vs. Security Requirements • The requirement for recoverability clearly distinguishes survivable systems from merely secure systems. • Traditional computer security leads to the design of systems that rely almost entirely on resistance for the protection of system resources. • Survivable systems have the capability to react or adapt during an active intrusion in order to survive an attack that cannot be repelled.

  15. Practices that support Requirement Engineering for Survivable Systems • When the use case diagram is drawn, include security “misuse” cases that describe the scenario from the attacker’s point of view. • Document “misuse” case scenarios in the same way as normal use scenarios; they are ultimately used to identify security requirements or security use cases.

  16. Abuse case diagram for an internet-based information security laboratory. Abuse cases show the “abuse” side of the system.

  17. Contrast between Use and Abuse Cases

  18. Difference between Misuse Cases and Security Use Cases

  19. Formal methods that support requirement engineering for survivable systems… - Typically used in the specification and verification of secure and survivable systems. - Organizational objectives are translated into the specification of all relevant security functions of the system. [Figure: Organizational Objectives → Specification of all relevant security functions → Planned System.]

  20. Some formal methods are applied to security standards such as the Common Criteria and the IPSec protocol. Common Criteria – a global security standard • Framework for evaluating and certifying the security of IT products, recognized by governments and IT professionals. • Considered a critical measure of the quality of an information technology security product. Common Criteria site: www.commoncriteriaportal.org/

  21. IPSec Protocol - Internet Protocol Security • Framework of open standards that provides data confidentiality, data integrity and data authentication between participating peers at the IP layer.

  22. Modeling of Survivability Requirements • There are several approaches to modeling survivability requirements, such as attack trees and fault trees. Attack Tree • Method of modeling intrusions and the steps of an intrusion. E.g. penetration using buffer overflow. • Can be used for requirement elicitation and to identify the requirements for an IDS (intrusion detection system).

  23. Fault Tree • Models the behavior of the intrusion. • Used to identify other security and survivability requirements for the system. • Let's see an example…
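As an added example that is not part of the SEI note or these slides, and that serves both the attack tree of slide 22 and the fault tree of slide 23: an AND/OR tree with a minimal-cut-set computation, where every cut set that no resistance control breaks is turned into recognition and recovery requirements, which is the point slide 14 makes about systems that must survive an attack they cannot repel. The event names, tree shape and the `RESISTED` set are constructed for illustration.

```python
# Added example (not from the SEI note or these slides). AND/OR tree as used by
# attack trees and fault trees; event names, tree shape and RESISTED are constructed.
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, FrozenSet, List, Set

@dataclass
class Node:
    name: str
    gate: str = "LEAF"            # "AND", "OR" or "LEAF"
    children: List["Node"] = field(default_factory=list)

def cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Minimal sets of leaf events that together cause the root event."""
    if node.gate == "LEAF":
        return {frozenset([node.name])}
    parts = [cut_sets(c) for c in node.children]
    if node.gate == "OR":         # any one child suffices
        sets = set().union(*parts)
    else:                         # AND: one cut set from every child
        sets = {frozenset().union(*combo) for combo in product(*parts)}
    return {s for s in sets if not any(o < s for o in sets)}  # drop supersets

def elicit(tree: Node, resisted: Set[str]) -> Dict[str, List[str]]:
    """Resisted leaves give resistance requirements. Every leaf of a cut set that
    contains no resisted leaf also gives recognition and recovery requirements,
    because the system must adapt to an intrusion it cannot repel."""
    recognition, recovery = set(), set()
    for cs in cut_sets(tree):
        if cs & resisted:
            continue              # this attack path is repelled
        for leaf in cs:
            recognition.add(f"Detect and log: {leaf}")
            recovery.add(f"Restore essential service after: {leaf}")
    return {"resistance": sorted(f"Prevent: {leaf}" for leaf in resisted),
            "recognition": sorted(recognition),
            "recovery": sorted(recovery)}

# Constructed tree: root is loss of an essential service; the malformed-input
# branch stands in for the slides' "penetration using buffer overflow" example.
TREE = Node("Essential service unavailable", "OR", [
    Node("Service compromised via malformed input", "AND", [
        Node("Input length not validated"),
        Node("Service reachable from unbounded network")]),
    Node("Single database node fails"),
    Node("Administrator account misused", "AND", [
        Node("Password-only administrator authentication"),
        Node("Administrative actions not audited")]),
])
RESISTED = {"Input length not validated"}   # the one resistance control assumed in place
```

Calling `elicit(TREE, RESISTED)` leaves the database-failure and administrator-misuse paths unrepelled, so each of their leaf events appears as a recognition and a recovery requirement, while the malformed-input path yields only the resistance requirement.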

  24. Conclusion • Survivability requirement definition represents a new and challenging area in software engineering. • The risks of large-scale unbounded network systems make it essential to create effective methods for survivability requirements analysis and specification. • Successful development of systems that are more survivable can be achieved through proper use of requirement engineering methods in their development.

  25. Acknowledgement • Dr. Edward Allen • Dr. Susan M. Bridges • Department of Computer Science and Engineering, Mississippi State University
